This article aims to provide all necessary information regarding the creation of a vserver host as well as vserver guests running Arch Linux. This will enable you to setup virtual servers that provide different services as if they were on different machines, with a very little overhead. You can get more information about virtual servers [http://en.wikipedia.org/wiki/Virtual_private_server here].

−

{{ translateme }}

+

−

+

−

=Introduction=

+

−

+

−

This article aims to provide all necessary information regarding the creation of a vserver host as well as vserver guests running ArchLinux. Tis will enable you to setup virtual servers that provide different services as if they were on different machines, with a very little overhead. You can get more information about virtual servers [http://en.wikipedia.org/wiki/Virtual_private_server here].

+

−

+

−

[disclaimer] I've just started playing around with vserver and am finding the documentation regarding this project lacking. As such, the way I'm doing this below may not be optimal.[/disclaimer]

+

=Preparing the Host=

=Preparing the Host=

−

To prepare the vserver host environment, you will need to install both a vserver patched kernel and the vserver utilities which are located in [http://wiki.archlinux.org/index.php/AUR AUR]. In the following steps, the instructions are provided using [http://wiki.archlinux.org/index.php/Yaourt yaourt] to fetch them automatically. This has the aded benefit of pulling down the required dependencies ( ''dietlibc'' and ''beecrypt'' ) automagically :

+

To prepare the vserver host environment, you will need to install both a vserver patched kernel, the vserver utilities and their dependencies which are located in the [[AUR]]. The required packages are {{AUR|dietlibc}}, {{AUR|beecrypt}}, {{AUR|kernel26-vserver}} (not found or {{AUR|linux-vserver}} orphan), and {{AUR|util-vserver}}

−

+

−

# yaourt -S kernel26-vserver util-vserver

+

=Paths of Interest=

=Paths of Interest=
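Review bot: the parenthetical in the added package list, "(not found or {{AUR|linux-vserver}} orphan)", is hard to parse and leaves the reader without a clear choice of kernel package. State separately which package is missing and which is orphaned, and since the yaourt command is removed without a replacement, say how the listed packages are meant to be built and installed. The added sentence also keeps "both" in front of what is now a three-item list and lacks its final period.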

Line 27:

Line 18:

If you plan on doing this often, I highly recommend that you write yourself a little batch script since most of these steps can be automated quite easily.

If you plan on doing this often, I highly recommend that you write yourself a little batch script since most of these steps can be automated quite easily.

−

−

'NOTE' : Next step is going to be writing scripts in /usr/lib/util-vservers to integrate pacman into the mix to automagically get everything built up and installed.

==Preparing the guest installation media==

==Preparing the guest installation media==

−

'NOTE' : This is all heavily inspired from [http://wiki.archlinux.org/index.php/Install_From_Existing_Linux wiki:Install From Existing Linux] and will therefore be quite brief when not mentioning Vserver specific steps.

+

'''NOTE''' : This is all heavily inspired from [https://wiki.archlinux.org/index.php/Install_From_Existing_Linux wiki:Install From Existing Linux] and will therefore be quite brief when not mentioning Vserver specific steps.

===Optional: Base variables to follow along with the steps===

===Optional: Base variables to follow along with the steps===

−

GuestName= # Name of the guest

+

GuestName= # Name of the guest

−

GuestRoot=/etc/vservers/.defaults/vdirbase/$GuestName

+

GuestRoot=/etc/vservers/.defaults/vdirbase/$GuestName

−

GuestPackages= # Listing of packages to install via pacman

+

GuestPackages= # Listing of packages to install via pacman

−

GuestDisk= # Installation target device

+

GuestDisk= # Installation target device

−

GuestNetDevice= # ex.: eth0, dummy0, etc...

+

GuestNetDevice= # ex.: eth0, dummy0, etc...

−

GuestIP= # I think you get it

+

GuestIP= # I think you get it

−

GuestContext= # Unique identifier for the guest, I go with the last part of the IP

+

GuestContext= # Unique identifier for the guest, I go with the last part of the IP

'''NOTE : ''' To save some time, it's probably a good idea to create a text file containing all the packages to install and call it via "pacman -Sy `cat $GuestPackages` -r $GuestRoot" instead of the following :

+

'''NOTE : ''' To save some time, it's probably a good idea to create a text file containing all the packages to install and call it via "pacman -S `cat $GuestPackages` -r $GuestRoot" instead of the following :

−

# pacman -Sy base -r $GuestRoot

+

# pacman -S base -r $GuestRoot

# Optional: If you want to chroot into the newly created guest so as to install new packages, it might be a good idea to mount a few filesystems required by some packages.

# Optional: If you want to chroot into the newly created guest so as to install new packages, it might be a good idea to mount a few filesystems required by some packages.

'''NOTE : ''' For me, this only worked in the actual consoles, not in X.

−

/bin/stty onlcr

+

−

echo " "

+

# Make sure that the device /dev/console exists in the guest

−

printhl "Initiating Shutdown..."

+

## If it does not, cp -a /dev/console $GuestRoot/dev/

−

echo " "

+

−

# avoid NIS hanging syslog-ng on shutdown by unsetting the domainname

+

==SSH will not start==

−

if [ -x /bin/domainname ]; then

+

I noticed that /dev/null did not always get created properly in my first experimentations. Therefore I did a quick :

−

/bin/domainname ""

+

# cp -a /dev/null $GuestRoot/dev

−

fi

+

# cp -a /dev/zero $GuestRoot/dev

−

if [ -x /etc/rc.local.shutdown ]; then

+

Furthermore, if you're not using the dummy network driver and are attaching to the host's network interface, you'll want to configure the ListenAddress statement of /etc/ssh/sshd_config so that it binds only to the guest's IP address as opposed to 127.0.0.1.

−

/etc/rc.local.shutdown

+

−

fi

+

−

if [ "$PREVLEVEL" = "3" -o "$PREVLEVEL" = "5" ]; then

+

==SSH immediately terminates the connection==

−

# Find daemons NOT in the DAEMONS array. Shut these down first

+

On my machine, SSH used to authenticate me correctly and log me in, but then immediately drop the connection without an explanation. Consulting /var/log/auth.log revealed the following:

−

if [ -d /var/run/daemons ]; then

+

−

for daemon in $(/bin/ls -1t /var/run/daemons); do

+

−

if ! in_array $daemon ${DAEMONS[@]}; then

+

−

stop_daemon $daemon

+

−

fi

+

−

done

+

−

fi

+

−

# Shutdown daemons in reverse order

+

−

let i=${#DAEMONS[@]}-1

+

−

while [ $i -ge 0 ]; do

+

−

if [ "${DAEMONS[$i]:0:1}" != '!' ]; then

+

−

ck_daemon ${DAEMONS[$i]#@} || stop_daemon ${DAEMONS[$i]#@}

+

−

fi

+

−

let i=i-1

+

−

done

+

−

fi

+

−

# Terminate all processes

+

sshd[17899]: pam_limits(sshd:session): Could not set limit for 'nice': Operation not permitted

−

stat_busy "Sending SIGTERM To Processes"

+

−

/sbin/killall5 -15 &> /dev/null

+

−

/bin/sleep 5

+

−

stat_done

+

−

stat_busy "Sending SIGKILL To Processes"

+

This is easily fixed by commenting all '''nice''' related lines in /etc/security/limits.conf.

−

/sbin/killall5 -9 &> /dev/null

+

−

/bin/sleep 1

+

−

stat_done

+

−

# Write to wtmp file before unmounting

+

=Tips & Trick=

−

/sbin/halt -w

+

==Network via dummy adapters==

−

+

Here, you're either using the dummy module to create virtual network adapters or created interface aliases via /usr/sbin/ip or /usr/sbin/ifconfig. I went for the former and configured the host as such :

−

# Power off or reboot

+

# ''/etc/sysctl.conf'' : net.ipv4.ip_forward=1<br>

−

if [ "$RUNLEVEL" = "0" ]; then

+

Modify or add that statement to enable routing on the host

−

printsep

+

# ''/etc/rc.local''<br>

−

printhl "${C_H2}POWER OFF"

+

modprobe dummy numdummies=$NumberOfGuests<br>

−

/sbin/poweroff -d -f -h -i

+

ip link set dev dummy$GuestContext name $GuestName

−

else

+

−

printsep

+

−

printhl "${C_H2}REBOOTING"

+

−

# if kexec is installed and a kernel is loaded, use it

+

−

[ -x /sbin/kexec ] && /sbin/kexec -e > /dev/null 2>&1

+

−

/sbin/reboot -d -f -i

+

−

fi

+

−

+

−

# End of file

+

−

# vim: set ts=2 sw=2 noet:

+

−

+

−

+

−

+

−

=Troubleshooting=

+

−

=Tips & Tricks=

+

This provides me with dummy interfaces that I can route / firewall that are all named the same as my guests... yay.
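Review bot: in the added "SSH will not start" text, "binds only to the guest's IP address as opposed to 127.0.0.1" misstates what is being replaced. With no ListenAddress set, sshd listens on all local addresses, so the wording should read "as opposed to all addresses". The added heading "=Tips & Trick=" also drops the "s" that the removed "=Tips & Tricks=" had, and $NumberOfGuests in the /etc/rc.local lines is not among the variables defined under "Base variables", so it should be defined there or replaced with a literal count.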

Revision as of 09:37, 8 March 2013

This article aims to provide all necessary information regarding the creation of a vserver host as well as vserver guests running Arch Linux. This will enable you to set up virtual servers that provide different services as if they were on different machines, with very little overhead. You can get more information about virtual servers at http://en.wikipedia.org/wiki/Virtual_private_server.

Preparing the Host

To prepare the vserver host environment, you will need to install a vserver patched kernel, the vserver utilities and their dependencies, all of which are located in the AUR. The required packages are dietlibc (AUR), beecrypt (AUR), kernel26-vserver (AUR) (not found; or linux-vserver (AUR), orphaned), and util-vserver (AUR).

Paths of Interest

/etc/vservers/.defaults : configuration skeleton used when building new guests

/etc/vservers/.defaults/vdirbase : symlink to the folder containing vserver guests. This defaults to /vservers.

/etc/vservers/<guest name> : guest specific configurations

Preparing the Guests

Vserver will launch guests from subfolders of /etc/vservers/.defaults/vdirbase. As such, creating a new guest system is as simple as installing the required packages in a folder of the host. Furthermore, there's nothing stopping you (and quite a few things encouraging you) from mounting filesystems on the subfolders of vdirbase and installing your guest there.

If you plan on doing this often, I highly recommend that you write yourself a little batch script since most of these steps can be automated quite easily.

Preparing the guest installation media

Optional: Base variables to follow along with the steps

GuestName= # Name of the guest
GuestRoot=/etc/vservers/.defaults/vdirbase/$GuestName
GuestPackages= # Listing of packages to install via pacman
GuestDisk= # Installation target device
GuestNetDevice= # ex.: eth0, dummy0, etc...
GuestIP= # I think you get it
GuestContext= # Unique identifier for the guest, I go with the last part of the IP

Optional: Preparing the guest disk

Create an LVM Physical Volume, a Volume Group and a Logical Volume (wiki:LVM)

Prepare the guest's filesystem

Prepare guest filesystem for the pacman db

mkdir -p "$GuestRoot/var/lib/pacman"

Install the base system

NOTE : To save some time, it's probably a good idea to create a text file containing all the packages to install and call it via "pacman -S `cat $GuestPackages` -r $GuestRoot" instead of the following :

pacman -S base -r $GuestRoot

Optional: If you want to chroot into the newly created guest so as to install new packages, it might be a good idea to mount a few filesystems required by some packages.

Bind /dev, /proc, /sys to the corresponding directories in $GuestRoot

Modify guest configuration files to enable a smoother boot process

Modify /etc/inittab by deleting all lines that create the consoles ( agetty )

Modify /etc/rc.shutdown by removing anything hardware/clock/mount related. This includes most everything under 'Saving Random Seed'.

Viewing output from vserver $GuestName start / stop

SSH will not start

I noticed that /dev/null did not always get created properly in my first experimentations. Therefore I did a quick :

cp -a /dev/null $GuestRoot/dev

cp -a /dev/zero $GuestRoot/dev

Furthermore, if you're not using the dummy network driver and are attaching to the host's network interface, you'll want to configure the ListenAddress statement of /etc/ssh/sshd_config so that it binds only to the guest's IP address as opposed to 127.0.0.1.

SSH immediately terminates the connection

On my machine, SSH used to authenticate me correctly and log me in, but then immediately drop the connection without an explanation. Consulting /var/log/auth.log revealed the following:

sshd[17899]: pam_limits(sshd:session): Could not set limit for 'nice': Operation not permitted

This is easily fixed by commenting out all nice-related lines in /etc/security/limits.conf.
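The checks from the two SSH troubleshooting sections above, as an added shell example that is not part of the original wiki page. The function names, the IPv4-only address handling and the file layout under the guest root are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a guest tree for the SSH
# problems described above. Function names are hypothetical; IPv4 only.

# Print every active ListenAddress that is not the guest's IP.
# A config with no ListenAddress at all is reported as "<all addresses>".
bad_listen_addresses() {  # $1 = sshd_config, $2 = guest IP
    awk -v ip="$2" '
        tolower($1) == "listenaddress" {
            seen = 1
            addr = $2; sub(/:[0-9]+$/, "", addr)   # drop optional :port
            if (addr != ip) print addr
        }
        END { if (!seen) print "<all addresses>" }' "$1"
}

# Print active limits.conf entries whose item (3rd field) is "nice";
# these are the entries behind the pam_limits error quoted above.
active_nice_limits() {  # $1 = limits.conf
    awk '$1 !~ /^#/ && $3 == "nice"' "$1"
}

# Comment out those entries, keeping every other line and the file's
# ownership and mode (the content is written back into the same file).
comment_nice_limits() {  # $1 = limits.conf
    awk '$1 !~ /^#/ && $3 == "nice" { print "#" $0; next } { print }' "$1" \
        > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Run all checks against a guest root; returns non-zero if anything is off.
audit_guest() {  # $1 = guest root, $2 = guest IP
    rc=0
    for dev in null zero; do
        [ -c "$1/dev/$dev" ] || { echo "missing char device: /dev/$dev"; rc=1; }
    done
    bad=$(bad_listen_addresses "$1/etc/ssh/sshd_config" "$2")
    [ -z "$bad" ] || { echo "sshd listens on: $bad"; rc=1; }
    nice=$(active_nice_limits "$1/etc/security/limits.conf")
    [ -z "$nice" ] || { echo "active nice limits: $nice"; rc=1; }
    return $rc
}
```

Call it as `audit_guest "$GuestRoot" "$GuestIP"` on the host before starting the guest; run `comment_nice_limits` on the guest's limits.conf only after reviewing what `active_nice_limits` prints.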

Tips & Tricks

Network via dummy adapters

Here, you're either using the dummy module to create virtual network adapters or creating interface aliases via /usr/sbin/ip or /usr/sbin/ifconfig. I went for the former and configured the host as such :